Security Experts:

Students Sue Google over Gmail Account Scanning

A group of former and current students have sued Google in federal court in San Jose, California, alleging that the company scanned their Gmail accounts and gathered data for advertising purposes.

Four University of California, Berkeley students claim that the Internet giant scanned their emails despite the fact that they had school-issued accounts, which the company pledged not to track. The plaintiffs say that Google not only scanned their accounts, but also processed and retained their data for advertising and tracking purposes.

On April 30, 2014, Google announced  that it stopped scanning Google Apps for Education (GAFE)-powered account emails for advertising purposes, an activity that it had been engaged in between November 2010 and March 2014.

In December 2015, the Electronic Frontier Foundation (EFF) filed a complaint with the United States Federal Trade Commission (FTC) claiming that Google was spying on students despite committing to not do so. The EFF explained that Google associates students’ educational account in GAFE services with the activity on other services, and that it serves ads in non-GAFE services based on that association.

The practice was said to be in violation of the Student Privacy Pledge , which Google signed previously, and which states that the company was not going to “collect, maintain, use or share student personal information beyond that needed for authorized educational/school purposes.” In its complaint, EFF noted that Google was abusing the Sync feature in Chrome on Chromebooks sold to schools for carrying out the collection and tracking of students’ data and activity across services and devices.

Google responded to the EFF complaint and said that the student data in GAFE Core Services is not used for advertising purposes and that Chrome Sync is meant to provide students with instant access to their work across devices. The company also noted that the feature can be easily disabled, but admitted that some Chrome Sync data is used to improve services, but only after “completely removing information about individual users.”

The new complaint (PDF) filed on behalf of four GAFE users claims that Google intercepted and scanned emails in GAE-powered .edu email accounts before the April 2014 announcement, and that the company did so to profile users. Given that some schools informed students that their emails were private, the plaintiffs believe they have strong claims against Google.

Moreover, the complaint states that Google both refused to “release additional details that would confirm its indirect admission that it has stopped collecting or using student data (or information derived from analysis of student data) for advertising purposes,” and refused to delete the data collected prior April 2014 or to promise it won’t use the data for advertising purposes.

The lawsuit, known as Corley et al v. Google, suggests that tens of millions of users might have been affected by Google’s actions. On a dedicated website, attorney Ray E. Gallo says that clients from nearly a dozen universities may be accepted on a contingency basis, including students from UC Berkeley, UC Santa Cruz, San Diego State, University of Maine, Bates College, Pacific Lutheran University, Harvard, Yale, University of Arizona, University of Washington, and SUNY Stony Brook.

view counter